FreeBSD : heimdal -- bypass of capath policy (40a8d798-4615-11e7-8080-a4badb2f4699)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Viktor Dukhovni reports :

Commit f469fc6 (2010-10-02) inadvertently caused the previous hop
realm to not be added to the transit path of issued tickets. This may,
in some cases, enable bypass of capath policy in Heimdal versions 1.5
through 7.2. Note, this may break sites that rely on the bug. With the
bug, some incomplete [capaths] worked that should not have. These may
now break authentication in some cross-realm configurations.

See also :

Solution :

Update the affected package.

Risk factor :


Family: FreeBSD Local Security Checks

Nessus Plugin ID: 100565

Bugtraq ID:

